Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


MS Exchange 2003 "454 Temporary EXPS-Authentication failure"

Posted on 2006-11-20
Medium Priority
Last Modified: 2012-05-05

my mail was working fine, then all of a sudden the Routing Group Connection i had between Server A and Server B started queing mail on the connection located on Server A.

I tried to force a connection, but it was in constant retry state.

So i did a telnet to Server B from Server A, initiated a ehlo <domain name> and the following line came back

454 Temporary EXPS-Authentication failure

After doing some research i found the following description on this error, but the solution doesn't seem to fit in with me at all... As all DC's are functioning correctly in our Domain.. i can't find any errors.
"The error message "454 Temporary EXPS-Authentication failure" is emitted by
the exps (exchange protocol-security) sink in Exchange. Usually this means
that the sink is unable to initialize due to DS connectivity/availability
problems. Are you sure you are not receiving a response to EHLO? This
message is returned as a response to the EHLO command by the Exchange
server. If your domain-controller is down, SMTP might seem to hang for a
little while (as it tries to connect to the DS) before it gives up and comes
back with this error.

I would look in the event-log for other errors, but I think this is a DS
connectivity issue. Pull up ldp.exe and make sure you can connect and query
your DC."______________________________________________________________

I have another server, say Server C, which is setup exactely the same as Server B, and i can telnet from Server A to C without any issues..

I can use the helo command, but after doing a mail from:e-mail@email.com it kicks me out with the same error from the telnet session.

As it stands, i've had to create a X.400 connection to alow mail to flow, and have freezed the existing RGC.

If someone could help me understand this a little more, that would be appreciated.

Question by:Haggard1
  • 3
  • 2
LVL 104

Expert Comment

ID: 17991178
I would remove the Routing Group connector. Then recreate them and see what happens.
You should also ensure that the FQDN on the SMTP virtual server of each machine resolves correctly internally.


Author Comment

ID: 17992614
Hi Simon,

thanks for the reply, i've already done this.. and checked the FQDN, all seems fine..

I've been told the following, and are leading to believe that there is an issue with the SMTP service, and i may need to reinstall IIS.

Issue - The metabase is not up to date

1.       Open the properties of the Default SMTP virtual server

2.       Change the IP address from <all unassigned> to the specific IP of the server and restart SMTP

3.       This will force an update of the metabase and may resolve your issue.

4.       If a – c does not resolve the problem you may need to re-install IIS and Exchange using the following KB:
How to remove and reinstall IIS and Exchange:

Note: If you can Telnet to the Exchange server and use the HELO verb. Then successfully submit the MAIL FROM command, but are disconnected with this error “425 5.1.0 Dropping connection due to an error on this server”, then you’ll definitely have to re-install IIS and Exchange as the SMTP protocol is damaged!

The last line, about it droping out after a HELO, then mail from is true for my situation..

My only concern is, if i remove and reinstall IIS, will i have to reinstall Exchange completely, or can you get away with removing IIS, and leaving Exchange..? Sounds all a little to risky for my liking!!
LVL 104

Accepted Solution

Sembee earned 2000 total points
ID: 17997108
You cannot remove IIS without damaging Exchange.
The only officially supported way is the removal of Exchange, then IIS, then the install of both.
It has been known to remove IIS from under Exchange, then reinstall IIS, then reinstall Exchange on top of the existing installation (followed by the relevant service pack). However that is high risk and I wouldn't advise it.

Changing the IP address from all unassigned to the specific IP address, even when there is just one, is something I do as standard when setting up a multiple Exchange site.

If you haven't done that already, I would make that change on all the SMTP virtual servers, then recreate the Routing Group Connectors. The RGCs are odd in that they use the information on the SMTP VS when creating the connector, then use some information from the AD. It can easily catch you out if you aren't careful. If you set the IP address specifically then it doesn't cause as many problems.


Author Comment

ID: 18005209
Thanks Simon, I'll give that a shot and keep you posted.

Author Comment

ID: 18005848
Good man, that worked.. Strange however, because as best practise i generally apply the IP address on All 2003 Exchange servers, so anyway, i put it back to original config, restarted the SMTP virtual servers, and bobs your uncle!!

Thanks again

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to effectively resolve the number one email related issue received by helpdesks.
In this post, we will learn to set up the Group Naming policy and will see how it is going to impact the Display Name and the Email addresses of the Group.
how to add IIS SMTP to handle application/Scanner relays into office 365.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question